Description
As far as I'm aware, once a user gets past the HTTP-level authentication, all servlets available on that port are available to the user. This is a security hole as there is some information and services that we don't want every user to be able to access or only want them to access from certain locations.
Attachments
Issue Links
- duplicates
-
HADOOP-5722 HTTP metrics interface enable/disable must be configurable
- Resolved